Compliance step one: Know the difference between a disaster and a crisis

For Tarun Chopra, chief financial officer of Clements Worldwide, a global insurance provider, corporate compliance is a matter of “practice what you preach.”

Chopra notes that, in this day and age, compliance is a necessity, so it is essential for the companies he works with – companies that operate in 170 different countries and in some of the highest-risk regions in the world – that they embrace compliance rather than challenge it, seeing the value proposition in a robust compliance program.

While Clements advises its companies on their own compliance programs, it’s essential, Chopra says, that the insurance provider gets its own house in order first, so it can be seen as practicing what it preaches. To that end, Chopra states that Clements sees three distinct categories of compliance.

First, there is financial compliance, which usually comes down to a matter of by-the-book audits. It is, therefore, the clearest type of compliance for most companies. Then there is the slightly more complicated matter of regulatory compliance, which has many facets. With regulatory compliance, there are specific tasks concerning matters of corporate governance, licensing and more, that vary from industry to industry. When companies operate internationally, these matters become even more complex.

The final category of compliance is business compliance, which covers a wide spectrum. Companies need to consider a business continuity plan, a way to secure data, and other matters that allow them to deal with any losses that may occur. This, says Chopra, is the keystone of any compliance program.

“Companies need to know the difference between a disaster and a crisis,” he explains. “A disaster is an event; a crisis is a situation. You recover from a disaster, but you need to manage a crisis. These are very different.”

The biggest mistake companies can make in this area is to wait until something happens and figure it out from there. That might work in the case of a disaster, like an earthquake, but a crisis like a rogue employee is far more complex and requires preparation.

In dealing with companies like international aid agencies that work in the most challenging areas of the poorest nations in the world, Chopra finds that a lot of decision makers in these organizations lack the foresight that would help them avoid risk. They do business in areas that are often lawless and rife with turmoil. If a high-profile event, such as a terrorist bombing, should occur, insurance rates with skyrocket for late adopters.

To that end, risk management plays a huge role in compliance programs, which is why Clements offers discounts for companies with strong compliance records. According to Chopra, companies need to start looking at compliance as a way to create value and decrease variability, which businesses hate. “Risk management is a way of reducing variation,” Chopra explains. And understanding a range of outcomes can help any company deal with ever-changing regulations and business factors that can upset the apple cart.